Marketing and GDPR: How do changing privacy policies affect your brand?
You probably became sick and tired of seeing the term “GDPR” on your screen.
When you get through all the legal jargon, GDPR comes down to one thing – data. As a brand, the more data you collect, the more in-depth your user personas can be. The better your personas are, the easier it will be to connect with your target audience. In fact, according to the Economist, data is now the world’s most valuable resource. The trouble is, your customers don’t trust you to use it for their benefit.
The EU’s new data protection rules are designed to give your customers more power over how their information is handled. Ready to run because you’re based outside of the EU, or you’re willing to wait for Brexit? Not so fast. Anyone who interacts with any EU citizen will be governed by the GDPR, regardless of where your company is located.
Ideally, you should have a GDPR plan in place already. However, even if you’ve already re-confirmed consent for your current customers, and sent out a letter about privacy policies, you still need a plan for the future. The question is, how do you keep gathering data and growing your brand, without falling foul of a hefty fine?
Let’s take a look.
Disclaimer: This post provides information and GDPR marketing tips based on research into the regulations. It does not constitute legal advice. If your company needs a specific GDPR marketing checklist, please consult legal counsel.
What is GDPR? Pointers on privacy in 2018
We can all be a little skittish when it comes to our private data.
Whether you’re the kind of person who shreds anything with your name on before you put it in the bin or just someone who likes to be cautious online, we all like to know we’re safe. That’s why the EU came up with their fancy new guidelines to create rules that cover all the 28 countries of the EU – and anyone who trades with them.
This isn’t the first time that privacy has been an issue for marketers, of course. The new laws replace the data protection regulations originally introduced in 1995. The difference is that the rules and regulations today are far more robust. If you feel like reading up on everything, you can find the full guidelines here. Just remember they’re about 200 pages long…
In the meantime, let us give you a few quick insights that you’ll need to know when it comes to GDPR and marketing. Essentially, your GDPR marketing checklist should be all about earning consent, which comes in various forms:
Unbundled: Consent requests need to be separated from your terms and conditions on a landing page, opt-in page, or email newsletter.
Active opt-in: When someone purchases a service or product from you, it’s no longer enough to automatically opt them into your newsletter. Pre-ticked opt-in boxes don’t count. You need to give customers a real choice.
Granular consent: In an age where customers want more personalisation than ever, it makes sense that they’d want their GDPR marketing to be customised too. Give a range of options for people to choose from.
Named: Make sure that you use your brand name in your opt-in forms and the names of any parties who might be sharing access to customer data.
Easy withdraw: Make sure that your customers always have a way to opt out of your marketing messages.
GDPR and marketing tips mostly apply to email marketing, as people can simply choose not to read content on your website themselves. Additionally, when you’re posting content on social media, the people who see those posts have already given their consent to the social media sites. While obtaining consent for the way you use customer data requires a more careful consideration of your internal practices, we’re focusing on how GDPR affects marketing today.
How GDPR affects marketing: Designing your GDPR marketing checklist
For most brands, complying with GDPR sounds like a headache you’d want to leave your legal team to deal with. However, the truth is that it’s all an important part of embracing the age of transparency. In a world where every customer wants to know that they can trust the companies, they’re connecting with, implementing GDPR marketing shows that you’re ready to do whatever it takes for your clients.
No matter what industry you’re in, complying with GDPR helps you to build trust in your audience, and develop a loyal team of advocates ready to support your brand.
So, where do you start? Let’s begin with the 3 digital data pillars on your GDPR marketing checklist.
GDPR marketing checklist point 1: Data permission
Whenever someone ticks a box on your website saying that you’re free to send them texts, or signs up for an email subscription, they’re giving you their permission to connect with them. Getting opt-in is crucial for a successful marketing plan. Even if you didn’t have GDPR marketing to worry about, you still wouldn’t want to waste your marketing budget on people who don’t want to hear from you.
Data permission refers to how you manage the opt-ins from your customers. Rather than assuming that customers want to be contacted, you need them to express their consent in a “specific, freely given, and unambiguous way.” That means that instead of ticking a box for them next to something that says, “I’m happy for Fabrik to contact me about promotions,” you let them tick the box themselves. Simple right?
It’s worth noting that for your B2B marketing, publicly-available information like brand names and phone numbers are free to use. You can access those without consent, but you still need to give people the option to unsubscribe.
GDPR marketing checklist point 2: Data access
Okay, so once you’ve got the thumbs up from your audience saying you can contact them – what’s next? Unfortunately, that doesn’t mean you have complete control over your customer’s data. Instead, you’ll need to ensure that you’re using customer data correctly and giving them “the right to be forgotten.”
If you think of your marketing relationship with your customer like a romantic relationship, the right to be forgotten basically means that you throw all their clothes out of the window and burn their pictures. When you’re putting your GDPR marketing plans in place, you’ll need to ensure that your customers have access to their data and that they’ll be able to get rid of it from your system if they want to.
From an email perspective, this means complying with GDPR can be as simple as including an unsubscribe link in your email. You can also link to user profiles that let customers manage their email preferences.
A lot of companies and their marketing teams frequently collect a little more data than they actually need from their customers. Before you start collecting data about your customer’s favourite colours or when they had their first kiss, ask yourself what you really need to know. Complying with GDPR means that you have to justify collecting the information you have.
Essentially, when it comes to how GDPR affects marketing, it’s all about refining the things you do to learn about your audience. We all want to get to know our customers, so we can create messages that resonate with them. The key is to get consent, manage data correctly, and focus on the data you genuinely need.
How GDPR affects branding: Protecting your future
One of the biggest mistakes that companies made when they were preparing for the GDPR deadline in May was to assume that only their privacy policies and opt-in pages would be affected by GDPR. As mentioned above, complying with GDPR is a crucial concern for marketers too, as consent plays a big part in your branding. You want to connect with people who are genuinely interested in your organisation and share your values.
Though we can’t give you a legal GDPR marketing checklist with step-by-step pointers for all your campaigns, we can look at how GDPR affects branding and offer a few tips. Here’s our advice on how to make sure your marketing stays compliant.
1. Get to know the details
While the concept of adjusting your marketing to suit GDPR rules might sound about as thrilling as watching paint dry, it’s important for companies in 2018. If you want to start getting opt-in, then you need to make sure that you know the little details that will drive your campaign for you. For instance, a great way to start complying with GDPR is to find out what’s meant by “personal data.” That’s the stuff that you’ll need to use and protect carefully. Personal data in terms of marketing and GDPR includes:
Bank account/ credit card details.
Driver or passport numbers.
Simply put, you can’t collect or use any information that defines an individual person without their permission. Once you’ve got the consent of your customers to gather their information, bring all your insights together to develop your brand recognition strategy.
2. Work on your opt-in and opt-out process
As mentioned previously, a big portion of GDPR marketing compliance pertains to your email strategy. It can also include SMS messages, or direct mail too. No-one wants to receive spam – no matter how much they love a company. Unfortunately, there are still a few cringe-worthy companies out there who buy their email lists, rather than earning them. The GDPR rules now forbid this practice.
To ensure that you’re getting the opt-in you need, make sure that you allow your customers to click on the opt-in button themselves, and provide plenty of information so that they can give “informed” consent. When it comes to opting out, ask yourself:
How easy is it for customers to unsubscribe?
How do we handle the right to be forgotten?
How often do we remind customers of their rights?
3. Go beyond GDPR
When you’re coming up with your GDPR marketing checklist, it’s important to remember that there are plenty of benefits to updating your strategies. Sure, you want your subscribers to give you their consent so you can keep sending emails. However, you can also use this as an opportunity to remind your customers of why they signed up for your emails and marketing messages in the first place.
Think about the benefits that your customers can get from the subscriber experience and show your clients why they want to stay connected with you. For instance, this email from ASOS doesn’t just ask customers for their consent; it asks them what type of emails they’d like to receive:
4. Build customer trust
While the concept of marketing and GDPR may send shivers down the spines of some companies, the truth is that these new regulations offer a great opportunity. Though they do mean more work, they also offer an opportunity to build a deeper relationship with your customers and inspire greater loyalty.
In an era where customers are less trusting of companies, it’s important to do everything you can to show your reliable nature. By ensuring your consent collection practices are up to snuff, you can add a much-needed layer of transparency to the marketing experience. In fact, around 62% of customers say that they’re more willing to share information if they have GDPR rules explained to them.
5. Transform your content strategies
Finally, keep in mind that updating your marketing and GDPR strategies doesn’t just mean making sure you’re compliant. You’ll also need to think about how you’re going to keep convincing people to opt-in in the future. The best option? Give them a reason to keep coming back to your website. No-one’s going to want to opt-in to an email that’s always asking for additional sales.
If you want to come to terms with the GDPR rules, then you need to come up with a ton of fantastic content that you can share with your audience. The consent you’ve got from your existing customers should give you plenty of focused data to build your personalised marketing strategies from. This should lead to a more engaged user base and a bigger conversion rate.
GDPR marketing consent examples: The most “agreeable” brands
The biggest reason that marketers are worrying about complying with GDPR is that it’s tough to persuade an audience to actively consent to have someone else use their data. Unfortunately, in this transparent world, you don’t have an opportunity to “opt out” of the new regulations.
The good news is that many bigger companies have already taken GDPR in their stride. While you should already have the main components of your GDPR strategy in place, these examples could help to inspire you in future campaigns.
1. Complying with “unbundled” consent: Sainsbury’s
Sainsbury’s seem to constantly show up in articles to do with privacy and consent because they offer fantastic examples of what your strategies should look like. With a little luck, your opt-in emails that went out on the 25th of May should have looked at least something like this, if so, you can use this example on future emails. If they didn’t, you’ll need to upgrade, and fast:
Notice how there’s nothing pre-filled for you, and Sainsbury’s has also separated their terms and conditions from their contact permissions sections to give you that “Unbundled” experience that GDPR demands. When bringing new people into your email marketing list, make sure that you ask for their permission in a similar way, keeping everything in its own specific section of your opt-in email.
2. Granular consent done right: Age UK
Adhering to the terms of “granular” consent when new people sign up for your marketing campaigns ensures that you can make their experiences as personalised as possible. This means that adding granularity to your GDPR marketing checklist isn’t just a good move for compliance, it’s a crucial part of building affinity with your audience too. Age UK splits their marketing consent into unique checkboxes all with active opt-in.
3. Handling named organisations: Waitrose
Above, we mentioned that today’s marketers need to make sure that they’re clearly naming any organisation that might have access to customer data. One example of a business that does this well is Waitrose – a company in the John Lewis Partnership. When you register for an account with Waitrose, you can consent to receive emails and updates from both John Lewis and Waitrose. Each organisation is given its own checkbox, so you know exactly what you agree to.
The only problem here is that Waitrose have been slightly sneaky with their opt-in by asking people to tick a box, so they “don’t” receive updates. This may be something that the company needs to re-address now that GDPR is officially in place.
4. Adhering to active opt-in: RSPB
Charities can struggle with their marketing initiatives more than standard companies. The important thing to remember is that just because you’re a non-profit organisation, that doesn’t mean you don’t need to consider marketing and GDPR. One example of a venture setting a strong example is RSPB – the charity for the protection of birds.
When it comes to active opt-in, the RSPB’s form makes sure to separate the various modes of marketing communication they can offer to their client. There’s also a very easy to understand tick or cross for opting out of, or into each option. What’s more, the users are also able to see and edit the contact details that the RSPB already has for them.
5. Simplicity and easy-to-withdraw: The Guardian
Finally, just because your customers want to get your marketing messages, to begin with, doesn’t mean that they’ll want to hear from you forever. If your opt-in rates start to fall, you should be finding out what’s going wrong, not trying to lock people into emails against their will. The good news is that unsubscribe links are an easy addition to an email.
One example of a company that does this well is the Guardian. They allow people who have already registered for an account to withdraw their permission for marketing by going into their account settings. Users on The Guardian website can also withdraw their permission for their information to be used in profiling.
Complying with GDPR: How do your policies measure up?
So, there you have it, the basics of how GDPR affects marketers, and what you need to do to prepare your strategy.
The important thing to remember here is that GDPR might be a significant change, but it’s not the end of marketing and profiling as we know it. While the new regulations represent a big change in the way that companies will handle personal data, they also highlight some great opportunities too. Complying with GDPR means that you can develop deeper connections with your audience, and potentially reduce your risk of wasting your budget on people who don’t want to hear from you.
The GDPR rules weren’t designed to prevent today’s businesses from communicating with their customers. Instead, this strategy could be an amazing way to increase the quality of the data you collect. Since, as we mentioned at the beginning of this article, data is a valuable resource, it’s important to ensure you’re getting the right information.
There’s now a great opportunity for resourceful brands and marketers to dive a little deeper into the needs of their customers and prospects, rather than taking a one-size-fits-all approach to advertising.
The rules for GDPR compliance are simple enough. All you need to do is make sure you don’t contact someone if they don’t give you their permission, and that you don’t use their information in any way they don’t agree to. So, are you ready to welcome the future of marketing and GDPR?
If you enjoyed this article, you might enjoy these too: